Add more SBOMs (#195736)

2024-08-27 13:00:58 +00:00 · 2023-10-17 15:55:55 -07:00 · 2023-10-17 15:55:55 -07:00 · 880cb517e1
parent 5559d9daaa
commit 880cb517e1
7 changed files with 67 additions and 4 deletions
--- a/build/azure-pipelines/alpine/product-build-alpine.yml
+++ b/build/azure-pipelines/alpine/product-build-alpine.yml
@ -138,6 +138,19 @@ steps:
    condition: and(succeededOrFailed(), notIn(variables['Agent.JobStatus'], 'Succeeded', 'SucceededWithIssues'))
    displayName: Generate artifact prefix

+  - script: mkdir $(agent.builddirectory)/vscode-alpine-$(VSCODE_ARCH)
+    displayName: Make folder for SBOM
+
+  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+    displayName: Generate SBOM
+    inputs:
+      BuildDropPath: $(agent.builddirectory)/vscode-alpine-$(VSCODE_ARCH)
+      PackageName: Visual Studio Code Server
+
+  - publish: $(agent.builddirectory)/vscode-alpine-$(VSCODE_ARCH)/_manifest
+    displayName: Publish SBOM
+    artifact: $(ARTIFACT_PREFIX)sbom_vscode_alpine_$(VSCODE_ARCH)
+
  - publish: $(SERVER_PATH)
    artifact: $(ARTIFACT_PREFIX)vscode_server_alpine_$(VSCODE_ARCH)_archive-unsigned
    displayName: Publish server archive
--- a/build/azure-pipelines/cli/cli-compile-and-publish.yml
+++ b/build/azure-pipelines/cli/cli-compile-and-publish.yml
@ -106,3 +106,26 @@ steps:
        - publish: $(Build.ArtifactStagingDirectory)/${{ parameters.VSCODE_CLI_ARTIFACT }}.tar.gz
          artifact: ${{ parameters.VSCODE_CLI_ARTIFACT }}
          displayName: Publish ${{ parameters.VSCODE_CLI_ARTIFACT }} artifact
+
+    # Make a folder for the SBOM for the specific artifact
+    - ${{ if contains(parameters.VSCODE_CLI_TARGET, '-windows-') }}:
+      - powershell: mkdir $(Build.ArtifactStagingDirectory)/sbom_${{ parameters.VSCODE_CLI_ARTIFACT }}
+        displayName: Make folder for SBOM (Windows)
+
+    - ${{ else }}:
+      - script: mkdir $(Build.ArtifactStagingDirectory)/sbom_${{ parameters.VSCODE_CLI_ARTIFACT }}
+        displayName: Make folder for SBOM (non-Windows)
+
+    # The if cases above are for different OSes,
+    # but we're still in the branch where the cli is being published in general.
+    # Generate and publish an SBOM.
+    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+      displayName: Generate SBOM
+      inputs:
+        BuildComponentPath: $(Build.SourcesDirectory)/cli
+        BuildDropPath: $(Build.ArtifactStagingDirectory)/sbom_${{ parameters.VSCODE_CLI_ARTIFACT }}
+        PackageName: Visual Studio Code CLI
+
+    - publish: $(Build.ArtifactStagingDirectory)/sbom_${{ parameters.VSCODE_CLI_ARTIFACT }}/_manifest
+      displayName: Publish SBOM
+      artifact: sbom_${{ parameters.VSCODE_CLI_ARTIFACT }}
--- a/build/azure-pipelines/darwin/product-build-darwin.yml
+++ b/build/azure-pipelines/darwin/product-build-darwin.yml
@ -219,16 +219,17 @@ steps:
    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
      displayName: Generate SBOM (server)
      inputs:
+        BuildComponentPath: $(Build.SourcesDirectory)/remote
        BuildDropPath: $(agent.builddirectory)/vscode-server-darwin-$(VSCODE_ARCH)
        PackageName: Visual Studio Code Server

    - publish: $(agent.builddirectory)/VSCode-darwin-$(VSCODE_ARCH)/_manifest
      displayName: Publish SBOM (client)
-      artifact: $(ARTIFACT_PREFIX)sbom_client_darwin_$(VSCODE_ARCH)_sbom
+      artifact: $(ARTIFACT_PREFIX)sbom_vscode_client_darwin_$(VSCODE_ARCH)

    - publish: $(agent.builddirectory)/vscode-server-darwin-$(VSCODE_ARCH)/_manifest
      displayName: Publish SBOM (server)
-      artifact: $(ARTIFACT_PREFIX)sbom_server_darwin_$(VSCODE_ARCH)_sbom
+      artifact: $(ARTIFACT_PREFIX)sbom_vscode_server_darwin_$(VSCODE_ARCH)

    - publish: $(CLIENT_PATH)
      artifact: $(ARTIFACT_PREFIX)unsigned_vscode_client_darwin_$(VSCODE_ARCH)_archive
--- a/build/azure-pipelines/linux/product-build-linux.yml
+++ b/build/azure-pipelines/linux/product-build-linux.yml
@ -331,6 +331,7 @@ steps:
    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
      displayName: Generate SBOM (server)
      inputs:
+        BuildComponentPath: $(Build.SourcesDirectory)/remote
        BuildDropPath: $(agent.builddirectory)/vscode-server-linux-$(VSCODE_ARCH)
        PackageName: Visual Studio Code Server

--- a/build/azure-pipelines/linux/snap-build-linux.yml
+++ b/build/azure-pipelines/linux/snap-build-linux.yml
@ -50,6 +50,19 @@ steps:
      echo "##vso[task.setvariable variable=SNAP_PATH]$SNAP_PATH"
    displayName: Prepare for publish

+  - script: mkdir -p $(agent.builddirectory)/vscode-snap-linux-$(VSCODE_ARCH)
+    displayName: Make folder for SBOM
+
+  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+    displayName: Generate SBOM
+    inputs:
+      BuildDropPath: $(agent.builddirectory)/vscode-snap-linux-$(VSCODE_ARCH)
+      PackageName: Visual Studio Code Snap
+
+  - publish: $(agent.builddirectory)/vscode-snap-linux-$(VSCODE_ARCH)/_manifest
+    displayName: Publish SBOM
+    artifact: $(ARTIFACT_PREFIX)sbom_vscode_client_linux_snap_$(VSCODE_ARCH)
+
  - publish: $(SNAP_PATH)
    artifact: vscode_client_linux_$(VSCODE_ARCH)_snap
    displayName: Publish snap package
--- a/build/azure-pipelines/web/product-build-web.yml
+++ b/build/azure-pipelines/web/product-build-web.yml
@ -107,6 +107,7 @@ steps:
    displayName: Build

  - task: AzureCLI@2
+    displayName: Fetch secrets from Azure
    inputs:
      azureSubscription: "vscode-builds-subscription"
      scriptType: pscore
@ -151,6 +152,16 @@ steps:
    condition: and(succeededOrFailed(), notIn(variables['Agent.JobStatus'], 'Succeeded', 'SucceededWithIssues'))
    displayName: Generate artifact prefix

+  - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+    displayName: Generate SBOM
+    inputs:
+      BuildDropPath: $(agent.builddirectory)/vscode-web
+      PackageName: Visual Studio Code Web
+
+  - publish: $(agent.builddirectory)/vscode-web/_manifest
+    displayName: Publish SBOM (client)
+    artifact: $(ARTIFACT_PREFIX)sbom_vscode_web
+
  - publish: $(WEB_PATH)
    artifact: $(ARTIFACT_PREFIX)vscode_web_linux_standalone_archive-unsigned
    condition: and(succeededOrFailed(), ne(variables['WEB_PATH'], ''))
--- a/build/azure-pipelines/win32/product-build-win32.yml
+++ b/build/azure-pipelines/win32/product-build-win32.yml
@ -322,17 +322,18 @@ steps:
      - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
        displayName: Generate SBOM (server)
        inputs:
+          BuildComponentPath: $(Build.SourcesDirectory)/remote
          BuildDropPath: $(agent.builddirectory)/vscode-server-win32-$(VSCODE_ARCH)
          PackageName: Visual Studio Code Server
        condition: and(succeeded(), ne(variables['VSCODE_ARCH'], 'arm64'))

      - publish: $(agent.builddirectory)/VSCode-win32-$(VSCODE_ARCH)/_manifest
        displayName: Publish SBOM (client)
-        artifact: $(ARTIFACT_PREFIX)sbom_client_win32_$(VSCODE_ARCH)
+        artifact: $(ARTIFACT_PREFIX)sbom_vscode_client_win32_$(VSCODE_ARCH)

      - publish: $(agent.builddirectory)/vscode-server-win32-$(VSCODE_ARCH)/_manifest
        displayName: Publish SBOM (server)
-        artifact: $(ARTIFACT_PREFIX)sbom_server_win32_$(VSCODE_ARCH)
+        artifact: $(ARTIFACT_PREFIX)sbom_vscode_server_win32_$(VSCODE_ARCH)
        condition: and(succeeded(), ne(variables['VSCODE_ARCH'], 'arm64'))

      - publish: $(CLIENT_PATH)